Somebody finally found a hole in OS/2 that's running all the ATMs? What, it isn't OS/2 anymore? Pity...
A firm that supplies security software for cash machines has updated its technology after researchers uncovered a number of serious shortcomings. Flaws in GMV's Checker ATM Security technology created a means for hackers to remotely run malicious code on a targeted ATM. The CVE-2017-6968 vulnerability opened the door to all …
Yeah, as the Managing Member of Arca Noae, the company which just released ArcaOS 5.0, our own OS/2-based distro, stories like this make me cringe.
The last time I saw an OS/2 system compromised by such code was...well...never.
ArcaOS also allows these ATM manufacturers to run their older OS/2 software on modern hardware. ArcaOS on a dual or quad core system with even 2GB RAM (well over our minimum requirements) is a thing of beauty. Put that on an SSD, and there even fewer moving parts to maintain. Such an ATM would be a tremendous asset, and not on the Microsoft patch-o'-the-week treadmill...
It's difficult to take ATMs seriously on security when they show adverts.
Just highlights that the primary purpose of a bank is to make money, not to provide service. Any security is there to provide protection to their assets. That their customers' assets might also be protected is happy coincidence.
"most paper money basically just an IOU"
An interesting question, and strongly dependent on what exactly you mean by "an IOU".
The "I promise to pay the bearer on demand" thing on a British banknote is a historical remnant of the time when the word "pound" meant "a pound of" and the thing it was a pound of was Sterling silver (pound Sterling, Sterling silver...). There's a museum in the middle of Oxford (well, there was when I lived there) that had old (17th Century?) pound coins in a display case. A f---ing pound of silver, that is. Made for a fairly hefty coin.
But today, if you go to the Bank of England to get your sum of five pounds, they'll take your fiver and give you a different one, because the currency is no longer tied to a real asset. No modern currency is tied to a real asset - they are *all* "fiat" currencies, even the mighty (?) US dollar, which ceased to be an asset-backed currency (gold) in 1971.
So yes, or no, it's still (or not) an IOU, but it's not at all clear what it is that I owe you if you have one and it's me that owes (or doesn't) you something.
I don't suppose you would favor us with the Windows OS version that this product runs on? Security cannot be tacked on as an after thought but must be baked into the product. Regardless of how PCI-DSS compliant it is certified as. In the old days updating the software on an ATM required the visit of two technicians with a hardware dongle that they plugged into the ATM. The technicians typed in two unique serial numbers that were used to generate a unique encryption key and used to update the device. Once this was done any future attempt to overwrite the firmware would fail. All such security mitigation devices are rendered useless since the banks moved their ATMs to a toy of an Operating System.
is available for the following operating systems: Windows (NT, XP, Vista and 7) and Linux (kernel 2.6 and 3.0). if you are running an ATM on windows NT 4.0 I'm not sure what to say.
I've never seen an ATM that ran on linux. It's either been windows or OS/2
Biting the hand that feeds IT © 1998–2019